URL has text "password" - is it a risk? do we remove it? rename to session_id?
When the noVNC window opens the URL looks like this:
Having password as a variable in the URL is going to raise a few questions. I am querying it.
Lance tried to login and couldn't . Maybe rename it to something else.